Bug bounty chat

20 Jan 2025 11:12

I'm glad I learned a lot here!

Bug bounty chat

18 Jan 2025 16:01

https://infosecwriteups.com/stored-xss-to-admin-in-unauthenticated-wordpress-cb76bae66623

Bug bounty chat

17 Jan 2025 22:32

Hello, it would be a pleasure, could you help me solve the following laboratory?
thanks --> https://xss-labs.abay.sh/xss/6.php

Bug bounty chat

17 Jan 2025 05:45

Actually it was hosted amazon elb

Bug bounty chat

16 Jan 2025 20:07

https://www.youtube.com/watch?v=hHLCfTm8TN8

Bug bounty chat

16 Jan 2025 16:29

How to capture the https username and password using wireshark tool

Bug bounty chat

16 Jan 2025 12:36

fuzzing ke liye wordlists send karo koi plz

Bug bounty chat

16 Jan 2025 09:13

https://github.com/Vulnpire/Reclaim

Bug bounty chat

16 Jan 2025 08:10

yeah report the username enum vulnerability

Bug bounty chat

15 Jan 2025 17:29

ok bro now verifying it

Bug bounty chat

15 Jan 2025 17:28

uptimerbot is vulnerable

Bug bounty chat

15 Jan 2025 16:23

and other one is uptimerobot

Bug bounty chat

15 Jan 2025 12:40

share poc to check and confirm

Bug bounty chat

15 Jan 2025 07:19

Yes I can help with jwt

Bug bounty chat

12 Jan 2025 19:58

hello, can anyone help me with a bug on a site?

Bug bounty chat

20 Jan 2025 11:12

What's your plan for today?

Bug bounty chat

17 Jan 2025 23:28

https://youtu.be/RuTadZiYn1U

Bug bounty chat

17 Jan 2025 06:06

Better luck next time

Bug bounty chat

17 Jan 2025 05:44

Yeah it was subdomain takeover but got duplicate someone had already reported before me

Bug bounty chat

16 Jan 2025 16:41

Capture site TCP request

Bug bounty chat

16 Jan 2025 16:02

Hello
Thank you for accepting the group

Bug bounty chat

16 Jan 2025 09:32

Who have private program go collabaration

Bug bounty chat

16 Jan 2025 08:31

The email enum vulnerability is not valid according to their rules stated on the program rules

Bug bounty chat

16 Jan 2025 07:19

Hey everyone, so I have stumbled upon a kind of a logic bug a while back. Basically, to change the password the app requires a two step verification via email. And the user needs to solve captcha on the front end to submit their email while requesting for a password change to get a reset link on the email.

However, in the backend through burp, I can insert the email without solving the captcha about 20-25 times before getting locked out. Mind you, the app has an email enumeration bug which lets you identify if an email is registered on the app or not.

So, I can insert any user's email as many times as I want to request reset password links and lock the actual user out from resetting their passwords.

Do you think it is a valid security bug?

I'm a bit confused and scared to report because I don't wanna lose reputation by getting flagged as N/A.

Bug bounty chat

15 Jan 2025 17:29

https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/

Bug bounty chat

15 Jan 2025 17:28

Sendgrid isn’t vulnerable

Bug bounty chat

15 Jan 2025 14:14

I sell db with 200k rows

Bug bounty chat

15 Jan 2025 10:35

hey i've found 2 subdomains that are reflecting subdomain takeover vulnerablity can anyone help me to confirm this vulnerability

Bug bounty chat

14 Jan 2025 12:51

is anyone good with cookies/jwt?

Bug bounty chat

12 Jan 2025 15:44

AMAZING bookmark trick